CVE-2010-2695
Summary
| CVE | CVE-2010-2695 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-07-12 17:30:02 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
SingleConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:S/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Xlightftpd | Xlight Ftp Server | 3.5 | All | All | All |
| Application | Xlightftpd | Xlight Ftp Server | 3.5.5 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Xlight FTP Server "SFTP" Directory Traversal Vulnerability - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| osvdb.org/66037 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | |
| Xlight FTP Server - what is new | af854a3a-2127-422b-91ae-364da2661108 | www.xlightftpd.com | Patch |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.